On Wed, 3 Feb 1999, Peter Kese wrote:
>
> Let's suppose I set up a tunneling VS configuration for a web or proxy
> server. Clients send the requests (through the VS router) and the
> servers reply directly to clients. When the transfer is finished, the
> server closes the TCP socket. That means it sends an IP packet to the
> client to notify it that the socket had been closed. But this IP packet
> does not get intercepted by the VS and the masquerading entry remains in
> the hash table and stays there for the next 15 minutes until the
> TCP/masq timeout mechanism decides the connection is dead.
>
> Am I right?
>
> If I am, then we might be in trouble. In a web proxy configuration, the
> amount of hourly requests easily exceeds 100000 requests per hour. That
> means that in each moment there would be 25000 'zombie' masquerading
> entries messing up the hash table.

Websites like CNN's news server run out of sockets unless they
change the timeout for the socket_close (2 mins default,
I believe; they set it to 30 secs). I heard this at a talk
by someone from CNN (I think).

Joe
--
Joseph Mack mack@xxxxxxxxxxx